Urgent Information About Cyber Security

Cyber-attacks have been on the rise in recent months as criminals take advantage of work-from-home arrangements and vulnerable IT systems. Read on to learn how you can protect your data and which urgent counter-measures you can take.

Federal Alert

The Canadian Centre for Cyber Security, a federal agency, recently issued an alert about a wave of compromises to computer networks in Canada. The breaches took advantage of less secure remote access services, unpatched services, and a lack of two-factor authentication.

Remote Access – Criminals are taking advantage of vulnerabilities in VPN (Virtual Private Network) and direct RDP (Remote Desktop Protocol) access to servers and workstations

2FA – Two-factor authentication means you need two pieces of evidence to gain access, such as a password and a one-time access code

Patch – An update or fix to a software bug or security vulnerability

 

The Centre issued this pointed advice:

“The Cyber Centre is urging Canadian organizations to apply all security updates to their internet-facing services and enable 2FA for all remote access accounts. Organizations failing to apply security updates promptly and not using 2FA are exposing themselves to compromises such as information theft and ransomware.”

Reference: https://cyber.gc.ca/en/alerts/canadian-organizations-exploited-unpatched-devices-and-inadequate-authentication-0   

6 Urgent Steps You Can Take to Stay Secure

 

STEP 1: Review hardware and software to ensure patch availability

Your IT Managed Service Provider (MSP) should deliver security patching for the systems they manage. However, they cannot patch unsupported, obsolete hardware and software such as Windows 2008, Windows 7* or legacy firewalls. (*ESU excepted)

ACTION: Contact your MSP to review and replace end-of-life systems.

STEP 2: Implement Multi-factor Authentication

Multi-factor authentication is slightly inconvenient, but essential. However, we recommend that you do not use SMS text messages as your second factor. It is shockingly easy for criminals to take control of your cell phone number. Try AuthPoint:

  • Simple one-button approval
  • Works easily when offline

ACTION: Request a quote for the implementation of AuthPoint

STEP 3: Guard Your Most Important Password

Every network has an “administrator” password. If a hacker gains access to this account, they have the keys to your kingdom. Ideally, your MSP will store your admin credentials in an encrypted vault and change them when an employee with access departs. Still, hackers can continuously use computational power to try to “brute-force” this door. It is an arms race.

F12 has researched and tested a new solution that automatically changes the administrator password to a randomized and unique key every day and then stores that key in an encrypted, access-controlled system. Contact us for more information.

ACTION: Purchase Daily Administrator Password Rotation

STEP 4: Reboot systems regularly to ensure patches are fully applied

Some security patches only become active after a full system reboot.

ACTION: Speak with your MSP to confirm your reboot/maintenance window.

STEP 5: Review your remote access methodology

Have a policy that requires security patches on non-company-owned computers. Do not permit weak passwords or direct RDP (Remote Desktop Protocol) access into your network.

ACTION: Consult with your F12 Account Manager to review your policies

STEP 6: Take the free online security assessment quiz

ACTION: Use our free cyber security risk assessment to get your instant risk score results